Tag Archive: Garante

ITALY: Italian authorities send a message with EU’s highest data protection fine as GDPR looms

The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) has this month imposed fines of more than €11 million on five companies operating in the money transfers sector for unlawful processing of personal data. This is the largest fine ever imposed by a European Data Protection Authority.

Sigue Global Service Limited, a UK web-based money transfer firm, and four companies operating as its agents in Italy, were found to have transferred large amounts of money to Chinese entrepreneurs in breach of Italian money laundering regulations and the provisions of the Legislative Decree 30 June 2003 no. 196 (Codice per la protezione dei dati personali, Italian Privacy Code). Read the rest of this entry »

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-italian-authorities-send-a-message-with-eus-highest-data-protection-fine-as-gdpr-looms/

EUROPE – Towards Privacy by Design Regulations for Drones

There is an increasing usage of unmanned aerial vehicles (“UAV”, more widely known as drones) for civil and commercial purposes: from environment monitoring to agriculture, from audiovisual productions to my favorite football team training… Whilst there are no doubts about the potential benefits of the civil use of drones, there is still no certainty about what are the most appropriate rules to address the data protection risks deriving from a large-scale deployment of drone technology.

The concerns are in essence very similar to those outlined for the Internet of Things (see here our post on IoT data protection concerns), as after all this is also about the increasing usage of sensors.

Read the rest of this entry »

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/europe-towards-privacy-by-design-regulations-for-drones/

ITALY – “Digital Authorities” Round Table, University of Milan, 22 May 2015

Follow us on Friday 22 May 2015 at the University of Milan, with the main experts of our Italian “Digital Authorities” – Giuseppe Galasso (Director Communications – AGCM), Benedetta Liberatore (Director Audiovisual Services – AGCOM) and Luigi Montuori (Director Communications and Electronic Networks – Data Protection Authority), together with Marco Cuniberti (UNIMI) and Giangiacomo Olivi (DLA Piper).

We will be discussing the regulatory challenges for digital media and new technologies, including the latest regulations on cookies and the consultation on IoT launched by the Italian Data Protection Authority. We look forward to seeing you at 2:30 PM, Sala Napoleonica of the University of Milan, via Sant’Antonio 2. The entrance is free, but please register with infomaster.giurisrprudenza@unimi.it. See you soon!

@giangiolivi

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-digital-authorities-round-table-university-of-milan-22-may-2015/

Italy – Internet of Things questioned by privacy regulator!

The Internet of Things (IoT) is becoming exponentially reviewed by regulators.  After the report from the Italian telecom regulator (AgCom), the Italian privacy authority just launched a consultation seeking inputs from the industry on how to regulate the IoT. Read the rest of this entry »

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-internet-of-things-privacy-consultation/

ITALY: Italian Data Protection Authority – analysis of the first half 2014 and action plan

The Italian Data Protection Authority (Garante) has recently made available the results of the first half 2014 activities: 196 inspections, fines issued in the range of 2,5M Euro (already collected). Read the rest of this entry »

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-italian-data-protection-authority-analysis-of-the-first-half-2014-and-action-plan/

ITALY: New rules on cookies and Internet profiling!

After a long public consultation process, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) finally issued its decision on the “simplified information notice and cookie consent” (“Cookie Decision”).

With the Cookie Decision, the Garante clarifies the distinction between technical and profiling cookies. To sum up:

– Technical cookies are cookies required for providing “electronic communications or information society services”; in other words, all cookies required to ensure the running of the site. To this broad category, the Garante associates also the analytic cookies placed by the publisher or the manager the site (editore o gestore del sito), provided that the only aggregated data are processed, as well as the functionality cookies to improve the service provided to the users (e.g. language preferences).

– Behavioral or profiling cookies are all cookies that allow a profiling of the user, so as to propose to the same user more tailored advertising. While no prior consent is provided for technical cookies, behavioral cookies require a specific and express consent.

The Garante further clarifies the distinction between first and third party cookies, defining as first party cookies all cookies placed by the publisher or the manager of the site, whereas all third party cookies are simply those cookies that are not placed by third parties. In this respect, the Garante acknowledged that the first parties may well not be aware of the existence of third parties placing cookies through the same first parties’ site. Consequently, in gathering the consent also for third parties’ cookies, the first parties are considered as mere “technical intermediary” (intermediari tecnici) – an interesting new concept for Data Protection, recognizing how Internet (and behavioral advertising) is de facto populated by a large number of arbitrators.

As for the new rules set out by the Cookie Decision, all sites with cookies will now have to provide for a two layer information notice, with a first summarized notice including a link to a second and more complete notice.

The first simplified notice is set through a banner to be placed in the homepage and to be devised in a way to create some “discontinuity” with the usage of the site contents. The banner will also contain some basic information, including a mention of any placing of behavioral or third parties cookies, a link to the extended information notice, the mention that it is possible to deny consent, and the indication that the continuation of the usage of the site will imply a cookie acceptance. This last point is very relevant, as such consent will have to be provided through “a positive action”, i.e. by removing banner through a click or continuing to read other underlying active pages. It will not be possible to simply ignore the banner. The publisher or manager of the site will then have to keep track of such consent through a (technical!) cookie.

As stated above, the simplified information notice will link to the more complete information notice, which will include more analytical information, including all information required by the laws. Such notice will include also the links to the third parties’ information notices, or other intermediary parties. It should also be specifically mentioned the possibility to object against the usage of cookies also through the browser settings.

As also discussed in our previous posts, the Garante had to operate within a legal framework based on consent. It clearly stated that it made an attempt to avoid unnecessary obstacles to the current internet users’ experience: it will now be very important to assess how the new rules will be implemented in practice (there are some parts that will need to be further clarified).

All operators will have a grace period of 12 months to adapt to the new rules. And they better do so, as any failure to comply with the regulations on profiling and cookies may entail substantial fines.

If you want to access to our commentary from our blog in Italian, please click here. For further information, do not hesitate to contact us (giangiacomo.olivi@dlapiper.com)!

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-new-rules-on-cookies-and-internet-profiling/

ITALY: Cookies Update – Main takeaways from the Cybersecurity Course

Whilst we are waiting for the publication of the results of the public consultation on cookies carried out by the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante), here are some thoughts on cookies, as discussed during our latest presentation within the Cybersecurity and Data Protection Course at the University of Milan: Read the rest of this entry »

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/italy-cookies-update-main-takeaways-from-the-cybersecurity-course/